Logical Access Controls
Download
Report
Transcript Logical Access Controls
Protection of Information
Assets
Module - II
Information Assets
An “Information Asset” is any definable piece of
information, which the organization regards as
“valuable”.
Information Assets usually have one or more of the
following characteristics:
• They are recognized to be of value to the
organization.
• They are not easily replaceable without cost, skill,
time, resources or a combination of these resources.
• They form a part of the organization’s corporate
identity, without which, the organization may be
vulnerable to a variety of threats.
Characteristics of Information
• Integrity
The system performs its functions in an unimpaired
manner, free from unauthorized manipulation of the system
• Availability
The system works promptly & service is not denied to
authorized users
• Confidentiality
The private & confidential information should not be
disclosed to unauthorized individuals
• System Efficiency
It is defined as the extent to which information technology
produce the desired objectives
• System Effectiveness
It is defined as the extent of information technology
resources used to achieve the desired objectives
Classification of Information Assets
Examples of Data Classification
• Top secret
• Secret
• Confidential
• Sensitive
• Unclassified
Classification of Information Assets
• Top secret – The compromise of confidentiality, integrity
& availability of information can endanger the existence
of an organization.
• Secret – Information is strategic for survival of an
organization. Unauthorized disclosure can cause severe
damage.
• Confidential – Information in this category also needs
high level protection but unauthorized disclosure may
cause significant Loss or damage.
Classification of Information Assets
• Sensitive – Disclosure may cause serious impact. Hence
such information requires higher classification as
compared to unclassified information.
• Unclassified – Unauthorized access to this information
would not cause any adverse impact on the organization.
Such information may also be made freely available to
the public
Classification of Users
• Data Owners – The owner is responsible for protection
of the data source & accountable for any loss or damage
to the data. Eg. Sales Director may be the designated
owner of the sales transaction database
• Data Users – These are the end users who actually
access the data. They derive their rights of access from
the data owners. Eg. Data entry operators
• Data Custodians – They are delegated with the
responsibility of protection of data resources. Eg. IT
Department.
Access Control Models
• Mandatory Access Control
An individual user is given access to a resource based on
his clearance for a particular degree or level of security.
E.g. In case of Defense Installations
• Discretionary Access Control
Users are given rights to specify the delegation of rights of
the resources allowed to them
Hacker Vs Cracker
• Hacker
Persons who gain unauthorized access to computers &
networks. They are not criminally motivated, most of them
hack in the system just for the challenge.
• Cracker
Hackers with criminal intent i.e either hacking for money or
to cause damage are known as crackers
Information Security Policy
• A security policy is the statement of intent by the
management about how to protect a company’s
information assets.
• A security policy is a formal statement of the rules by
which people who are given access to an organization's
technology and information assets must abide.
• A security policy is the essential foundation for an
effective and comprehensive security program.
• A security policy is the primary way in which
management’s expectations for security are translated
into specific measurable and testable goals and
objectives.
Kinds of Security Policy
• Program policy is used to create an organization’s
computer security program
• Issue specific policy address specific issues of concern
to the organization
• System specific policy is much more focused, since it
addresses only one system. It focuses on decisions
taken by management to protect a particular system.
Kinds of Security Policy
Program Policy
Purpose
Scope
Issue Specific Policy
Issue Statement
Responsibility
Statement of the
Organisation Position
Compliance
Applicability
Roles &
Responsibilities
Compliance
Points Of Contact
System Specific Policy
Tools to Implement Policies
Policies
Formal statements made by the management of their
overall intention & direction. Eg: It is company’s policy to
protect its information assets from all threats.
Standards
After the creation of policies, standards conforms to the
best practices that can be designed for the organization.
They ensure uniformity in their use throughout the
organization. Eg : A standard could be the mandatory
use of encryption of all data categorized as critical
Guidelines
The creation of standards will in turn lead to creation of
guidelines. These are collection of best practices from
which the organization can choose the most appropriate
practice for them. Eg : For encryption of data the company
chooses the RSA 128-bit encryption technology
Procedures
Procedures outline the set of steps to be performed to
ensure that policy guidelines are met. They are detailed
documents, which help in translation of policies into action
plans and guidelines for day-to-day use by business
process owners. Eg : The document describing how a user
can encrypt critical data using RSA 128 bit encryption
These are documented processes which can be verified,
validated and approved
Who should be involved when forming policy
• IT Investment Board
This board is responsible for setting the investment criteria
for security product selection from qualitative &
quantitative perspects.
• Chief Information Officer (CIO)
CIO is responsible for organization’s IT Planning,
Budgeting, Investment, performance & acquisition.
Who should be involved when forming policy
• IT security program manager
These are responsible for developing enterprise standards
for IT security. Eg. Single sign on, remote access, user id
creation.
• IT Security Officer
Responsible for ensuring the security of information system
throughout its life cycle
Audit of IS Security Policy
• Whether a well-documented security policy is available?
• Whether Inventory of IT assets are made part of the
policy?
• Whether policies related to IT activities are listed in the
security policy?
• Whether the policy takes into account the business
strategy for the next 3 - 5 years?
• Whether the policy takes into account the legal
requirements?
• Whether the policy takes into account the regulatory
requirements?
Audit of IS Security Policy
• Whether the policy is approved and adopted by the
Board of Directors / Senior Management?
• Whether the policy is communicated to all concerned
and is understood by them?
• Whether the following major security areas are covered
in the policy?
• PC and LAN, MAN and WAN security
• Physical Security to IS establishments
• Handling of confidential information
• Handling of security incidents
Audit of IS Security Policy
•
•
•
•
•
•
•
•
Privacy related issues for outside entities
E-mail security
Application security
Interface Security
Password Security
Operating system security, web site security
Database security
Anti virus and piracy policy
Audit of IS Security Policy
•
•
•
•
•
Archived and Backed up data security
Procedures for handling incidence of security breach
Disaster Recovery Plan
Use of cryptology and related security
Persons responsible for implementing security policy and
consequence for willful violation of the Security Policy
• Whether a review process is in place for reviewing the
policy at periodic intervals and / or on any other major
event?
Questions
A requirement that a system performs its intended
function in an unimpaired manner, free from
unauthorized manipulation of system is called
a. Confidentiality
b. Availability
c. System Integrity
d. Data Integrity
c. System Integrity
A requirement that private or confidential
information should not be disclosed to unauthorized
individual is called
a. Confidentiality
b. Availability
c. System Integrity
d. Data Integrity
a. Confidentiality
In which of the following access control model is it
necessary for each resource to be classified and for
each user be assigned a clearance level
a. Supervisory Access Control
b. Mandatory Access Control
c. Discretionary Access Control
d. Reactionary Access Control
b. Mandatory Access Control
Commercial organizations are more likely to use
a. Unrestricted Access Control
b. Mandatory Access Control
c. Discretionary Access Control
d. Compulsory Access Control
c. Discretionary Access Control
Military & Defense organizations are more likely to
use
a. Unrestricted Access Control
b. Mandatory Access Control
c. Discretionary Access Control
d. Compulsory Access Control
b. Mandatory Access Control
The greatest risk of inadequate definition of policy
relating to ownership of data & system is :
a. All users are authorized to originate, modify &
delete data
b. Accountability cannot be established
c. Difficulty in coordinating change within Large
organization
d. Audit recommendations cannot be established
b. Accountability cannot be established
Protection Of Information Assets
Logical Access Control
Application Control
Network Security Control
Physical Access Control
Environmental Access Control
Logical Access Controls
• Logical access controls are protection mechanisms that
limit users' access to data and restrict their access on
the system to only what is appropriate for them
• Logical access controls serve as one of the means of
information security
• They are expected to provide access to information
resources on a need to know and need to have basis
using principle of least privileges
• Logical access controls is all about protection of
information assets wherever they reside.
Paths/Modes of Logical Access
• A machine connected to the network
• A network device that is part of the network and with a
free port to which a personal computer can be attached.
Eg. Hub, Switch, Router
• Dialup device capable of connecting to network
• A machine having access to the network through
wireless mode
Logical Access Exposures
Technical Exposures
• Data Leakage
• Wire Tapping
• Scavenging or Dumpster Diving
• Emanation Interception
• Data Diddling
• Piggybacking
• Masquerading
• Spoofing
• Asynchronous Attacks
Logical Access Exposures
•
•
•
•
•
•
•
•
Keystroke monitoring (Key Logging)
Rounding Down
Salami Technique
Trap Doors
Remote Shut Down
Denial of Service
Social Engineering
Buffer Overflow
Logical Access Exposures
•
Data Leakage – Sensitive information contained in computer
files may be copied on disks or electronically transferred to
other location.
•
Wire Tapping – Networking cables or telecommunication
lines are tapped by the perpetrator. This is similar to tapping
of telephone lines.
•
Scavenging or Dumpster Diving – The perpetrator gains
access to areas such as recycle bin, temporary files etc. This
can be used by the perpetrator to put together critical
information about the organization
• Spoofing – IP Spoofing involves the alteration of TCP packet,
by inserting a source address of a known & trusted host
instead of the attacker’s host. The target may accept the
packet and act on it leading to undesirable consequences.
Logical Access Exposures
• Data Diddling – This involves unauthorized modification
of input manually or data in electronic form submitted for
processing. Eg: Changes in voucher or invoice submitted for
processing.
• Piggybacking – The perpetrator waits for authorized user
to log into the system & leave it unattended.
•
Masquerading – A perpetrator posing as legitimate user,
sends a message to the system administrator that he has lost
password & requests for a new password which is used for
gaining wrongful access to the system.
Logical Access Exposures
• Asynchronous Attacks – In such transmission the
sender & receiver do not operate at the same speed, hence
the data is stored in temporary buffer awaiting processing.
The perpetrator attacks such data to retrieve the information
• Buffer Overflow – A process can receive more data that it
can handle. If developer has not written the instruction on how
the process should behave when handling excessive data, the
program may malfunction. This malfunction can be exploited
by a malicious attacker.
•
Rounding Down – The perpetrator rounds down the
amounts in various transactions to the nearest desired
decimal place & it is routed to Pre-designated account. Eg :
Rs 3,45,231.37 rounded down to Rs. 3,45,231.35 & transfers
Rs. .02 to pre-designated account.
Logical Access Exposures
• Salami Technique – This is similar to rounding down
technique except that in this case the perpetrator slices off a
fixed value from each amount. Eg: A perpetrator can modify
an interest calculation program in such a way that a small
amount, say rs .03 is deducted from all the payments &
transferred to an unauthorized account.
• Trap Doors – Usually a trap door is created by the original
programmer to allow him to access to the system. A
perpetrator bypasses the security protection & modify the
behaviour of application system in undesirable ways.
•
Denial of Service (DOS) – The perpetrator attempts to
flood memory buffers & communication ports to prevent
delivery of normal services
Malicious Code
•
•
•
•
•
•
•
•
Viruses
Worms
Trojan Horses
Logic Bombs
Macro Viruses
Polymorphic Viruses
Stealth Viruses
Adware and Spyware
Logical Access Exposures – Malicious Code
• Virus – It attaches to a host program & propagates when an
infected program is executed. These are dependent on
another program to replicate themselves. Hence they are not
capable of self actuating.
• Worms – These attack a network by moving from device to
device. They do not depend on any program for replication.
Hence worms spread much more rapidly than viruses.
•
Trojan Horses – Trojan Horse hide malicious code inside
a host program that seems to do something useful. Once
these programs are executed, the malicious code is released
to attack the workstation
Logical Access Exposures – Malicious Code
• Logic Bombs – Logic bombs are often legitimate
programs to which malicious code is added. They blow up on
meeting a logical event such as time, no. of users, disk usage
etc.
• Polymorphic Viruses – These are difficult to detect
because they hide themselves from antivirus software by
altering their appearance after each infection.
•
Stealth Viruses – These attempt to hide their presence
from the operating system & antivirus software by encrypting
themselves.
Logical Access Controls
•
•
•
•
•
Identification and Authentication
Access Controls in Operating Systems
Access Control Lists
Database Controls
Audit Trail
Identification and Authentication
The primary function of access control is to allow
authorized access and prevent unauthorized access.
Access control mechanism is actually a three step
process:
• Identification: Identification is a process by which a
user provides a claimed identity to the system such as
an account number.
• Authentication: Authentication is a mechanism through
which the user’s claim is verified.
• Authorization: The authenticated user is allowed to
perform a pre-determined set of actions on eligible
resources.
Identification and Authentication
Authentication Techniques
• Passwords and PINs ( What user Knows )
• Token Based Authentication ( What User has )
• Biometric Security ( What user is )
Passwords and PINs
Weaknesses of Logon mechanism
Logon/password access security is based on information to
be remembered by the user (what the user knows). This
results in the following weaknesses:
• Passwords are easily shared.
• Users often advertently or inadvertently reveal
passwords leading to security being compromised.
• Repeated use of same password could lead to
passwords being easily guessed by others.
Passwords and PINs
• If a password is too short or too easy, the chances of the
password being guessed are quite high.
• If a password is too long or too complex, the user may
forget or may write it down.
• If many applications have to be accessed by one user,
many passwords have to be remembered.
• Passwords can be shared, guessed, spoofed or
captured
Passwords and PINs
Recommended practices for strong passwords
• The user should not share the authentication information
viz. password.
• The password should be easy for the user to remember
but hard for the perpetrator to guess.
• On creation of a new user, the first password is allotted
by the security administrator and a change of password
is forced on the first login.
• Users should be encouraged or forced to change
passwords periodically. Eg: once in 60 days.
• Concurrent logins by same user should not be permitted.
Passwords and PINs
• Passwords should not be too short and should not use
name of user, pet, common words found in dictionary or
such other attributes.
• Password combination should be random and use
alphabetic, numeric and special characters(such as “!”,
“#” , “^”, etc.).
• Passwords should be changed periodically.
• Number of wrong login tries should be restricted to
three, after which the system should lockout the user.
Further access can be granted only through the
intervention of the security administrator.
Passwords and PINs
• The logon ids active in the system should not exceed the
number of users actually authorized to access systems
resources.
• In case the a user remains inactive at a terminal, for a
length of time (say 20 minutes), the terminals should lock
out the user and require the user to login again.
Passwords and PINs
Attacks on logon/password systems
• Bruteforce – The attacker tries out every possible
combination to hit on the successful match . He may also
use password cracking software.
• Dictionary attack – This attack is based on the
assumption that users tend to use common words as
passwords which can be found in a dictionary.
• Trojan
• Spoofing attacks
• Piggybacking
Token Based Authentication
• Plastic Cards
– Memory tokens (eg. ATM card, Credit Card )
The cards contain visible information such as name,
identification no etc. and also a magnetic strip. This strip
stores information about the user.
– Smart Tokens
The card contains small processor which enables storing of
dynamic information on the card such as bank balance,
credit limits etc.
Token Based Authentication
• Proximity Readers – When a person in possession of a
card reaches a restricted area, the card data is read by
proximity reader which enables access to the restricted area
or system. Eg. Electronic attendance cards
• Single Sign on – It is a user authentication process that
permits a user to enter one name & password in order to
access multiple applications.
Biometric Security
•
•
•
•
•
•
•
•
Fingerprint
Facial Scan
Hand Geometry
Signature
Voice
Keystroke Dynamics
Iris Scanners
Retina Scanners
Access Controls in Operating Systems
• Authentication of the user
• User Management
• Restrict Logon IDs to specific workstations and / or
specific times
• Manage account policies
– Password Policy
– Account Lockout Policy
• Manage audit policy
• Log events
• Report capabilities
Pluggable Authentication Modules
The Pluggable authentication module (PAM) framework
provides system administrators with the ability to
incorporate multiple authentication mechanisms into an
existing system through the use of pluggable modules.
The flexibility provided allows administrators to do the
following:
• Select any authentication service on the system for an
application
• Use multiple authentication mechanisms for a given
service
• Add new authentication service modules without
modifying existing applications
• Use a previously entered password for authentication
with multiple modules
Access Control Lists (ACL)
An access control list is a table that tells the computer
operating system which access rights each user has to a
particular directory/folder or file.
The list has an entry for each system user with his access
privilege (eg. Read, write or delete a file)
When the system receive a request, it determines the
access by consulting a hierarchy of rules in the ACL
Database Controls
• Database Roles and Permissions ( segregation of duty )
• Views – While Roles & Permissions allow control of
operations that a user can perform on database, Views
enables further data access limitations. A view is a
content or context dependent subset of one or more
tables. Eg. – A view might be created to allow a sales
manager to view only the information in a customer table
that is relevant to customers of his own territory.
Database Controls
• Stored Procedures - Database servers offer developers
the ability to create & reuse SQL code through the use of
objects called as Stored Procedures( Group of SQL
statements). These are available to applications
accessing a database system & is actually stored in
database. Stored procedures reduce the long SQL
queries to a single line that is transmitted over the wire &
therefore reduces the network traffic tremendously
• Triggers – These are designed to be automatically ‘fired’
when a specific action/event takes place within a
database. Eg. When a change is made in ‘Employee
Salary’ table, a trigger may notify the same to High level
manager
Database Restrictions
• Name Dependent – Users access to data resource is
restricted based on their action privileges with respect to data
resource. Eg. A payroll clerk is allowed to view all the data
fields except employee’s medical history
• Content Dependent – Access to user is restricted to a
particular degree of sensitivity. Any access beyond that
degree of sensitivity is not allowed to the user. Eg: A petty
cashier is not allowed access to transaction with value in
excess of a prescribed limit
• History Dependent – A user may construct a series of queries
in such a way that each query & its answer does not violate
the security policy, but answers to all queries taken together
would give him information to which he is not authorized
Database Restrictions
• Context Dependent – Using diverse queries, a user may be
able to infer about content permissible only for higher access
security. In order to secure against such improper access,
access is restricted to all contextual references to data with
higher security. E.g. Even though a user may not have access to
income data of customers, he may query the database & obtain
a list of customer making high value purchases, which allows
him to infer the income of the customers.
Audit Trail
• An Audit Trail is a record to enable the reconstruction
and examination of the sequence of events of a
transaction, from its inception to the output of final
results or from output to the events and transactions.
• Audit trails maintain a record of system activity, both by
computer systems and users.
• Audit trails assist in detection of security violation,
segregation of duties, etc.
Audit Trail
• Audit trails are maintained at various levels:
– Operating systems ( known as System level log )
– Network component (known as System level log)
– Application ( known as Application level log )
– Database ( known as Application level log )
Audit of Access Controls
• Audit Procedures - Special Considerations
– Identification of logical access paths
• Audit Test Procedures
• Systems Configuration
- System configuration should be as per organization policy
- Any changes to system configuration should be authorized,
documented & tested
Audit of Access Controls
• Logical Access mechanisms
– User account management and password management
– Privileged logons and special user accounts
– Access to file directories and application logic and system
instruction sets
• Bypass Security Procedures
(eg. Audit of access
given to employees in emergency situation)
Questions
______ is the most difficult database access control to
implement ?
a.Content Dependent Access Control
b.Name Dependent Access Control
c.History Dependent Access Control
d.Granularity of Access Control
c. History Dependent Access Control
______ is technical logical exposure which involves
unauthorized modification of manual input data being
submitted for processing ?
a.Wire Tapping
b.Data Diddling
c.Piggybacking
d.Key Logging
b. Data Diddling
When a hacker attempts to flood memory buffers &
communication ports on the network which results in
blocking the delivery of normal services is called _______
a.Social Engineering
b.Masquerading
c.Data Dumpster
d.Denial of Service
d. Denial Of Service
The Trojan Horse malicious code is a program that _____
a.Blow up on occurrence of a logical event
b.Carry out program commands automatically
c.Hides inside a host program
d.Attacks network devices
c. Hides inside a host program
______ is a process by which a user provides a claimed
identity to access a system
a.User authorization
b.User registration
c.User identification
d.User logging
c. user identification
Facial scan, iris & retina scanning are used in ______
a.Smart Token
b.Bio direct Security
c.Back up Security
d.Biometric Security
d. Biometric Security
A ____ can help the sales manager to read only the
information in a customer table that is relevant to
customers in their own territory
a.View
b.Procedure
c.Trigger
d.Table
a. View
Which one of the following is a logical control method
a.Work Area Separation
b.Policies & Procedures
c.Audit Trail
d.Order Form Data Entry
c. Audit Trail
Which term often means a piece of code left behind in the
system that will allow the original programmer back into the
system ?
a.Trap Door
b.Flap Jack
c.Unicode
d.Stealth Code
a. Trap Door
Application Controls
• Application represents the interface between the user
and business function
• Components of Application Controls
– Application Boundary Controls
– Input Controls
– Data Processing Controls
– Data File Controls
– Output Controls
Application Boundary Controls
• The objective of boundary controls is to prevent
unauthorized access to applications and their data.
• Data may be in any stage, input, processing, in transit or
being output.
• The controls should restrict user access in accordance
with business policy and organization structure, protect
other associated applications, systems software,
database and utilities from unauthorized access.
Application Boundary Controls
Logical security techniques for application boundary
Controls
• Logon ids and passwords
• Access to application from specified terminals only
• Using Cryptographic Controls
• Using audit trails
Input Controls
• Input controls are responsible for ensuring the accuracy
and completeness of data and instruction input into an
application system.
• Input controls are important since substantial time is
spent on input of data, involve human intervention and
are therefore error and fraud prone.
Input Controls
Input controls address the following:
• Source Document Design
• Data entry screen design
• Data code controls
• Batch Controls
• Data Input Validation Controls
• Data Input Error Handling and Reporting
• Instruction Input Controls
Source Document Design (Eg. Format of manual
Invoice)
A well-designed source document helps improve control in
the following ways:
• It reduces data entry errors
• Increases speed of data entry
• Ensures better control over the process
• Assists subsequent reference
Data entry screen design
Data is keyed into online forms and tables. Eg. Online
passport application. The factors that should be considered
while designing data entry screen are as follows :
• Screen organization
• Colour (Bright colours should be avoided)
• Caption design
- These guide the users as to ensure the nature of data to be
entered
- The caption for each entry field should end with a special
symbol (“:”) signifying the start of entry area
Data entry screen design
• Data entry field design
- These fields should be either to the right or below the caption
- Option & check button should be used when the user has to
choose from a small list of options
• Tabbing and skipping
- During the data entry, user moves from field to field by
pressing the “tab” key.
- Automatic tabbing should be avoided since the fields may be
skipped for data entry
• Display rate
- It is the rate at which the characters or images should be
displayed. Data entry screens should have fast &
consistent display rate
Data code controls
Data codes are used to uniquely identify an entity or
identify an entity as a member of a group.
Types of data coding errors:
• Addition: Addition of an extra character in a code
• Truncation: Omission of characters in the code
• Transcription: Recording wrong characters
• Transposition: Reversing adjacent characters
• Double transposition: Reversing characters separated
by one or more characters i.e., 45123 is entered as
42153.
Data code controls
Factors affecting coding errors are:
• Length of the code – Long codes are naturally prone to
errors.
• Alphabetic numeric mix – The code should provide for
grouping of alphabets & numerical separately if both are used.
• Choice of characters – Some alphabets are confused with
numerical such as B,I,O would be confused with 8,1,0
• Mixing uppercase/lowercase fonts
• Sequence of characters – Eg. Using ABC instead of ACB
Data Code Controls – Check Digit
Check digits are redundant digits that helps verify the
accuracy of other characters in the code that is checked.
The program recalculates the check digits & compare
with the check digit in the code when the code is entered
to verify that code is correct. Check digit may be pre-fix
or suffix to the actual data. Eg. Actual no. 2456.
Calculation of check digit – A no. is 2456
(2*5) + (4*4) + (5*3) + (6*2) = 53. Using algorithm 11, the
remainder is 9. Check digit is 2 ( 11-9 ). So the correct
entry code would be 24562 wherein the remainder shall
be zero (2*5) + (4*4) + (5*3) + (6*2) + (2*1) = 55. if any
change in the number is made the remainder shall not
be zero.
Batch Controls
Types of batch controls
• Total financial amount – Counter checking the total
financial amount of items processed in that batch with the
total individual financial amounts in the fields. Eg. In a
batch of 100 invoices it should be verified that the gross
total of individual sales value in the invoices matches the
total value of sales of all the invoices processed.
• Hash total – These are totals of any numeric field in the
batch such as serial no. of invoices to counter check the
total of the field after input of data. E.g. In a batch 5
invoices no. 1,2,3,4,5 are processed. So adding these no.
will result in hash value amounting to 15. If any invoice no.
shall be changed then the hash value will also be changed.
Batch Controls
Types of batch controls
• Total items - Counter checking that the total no. of items
included on each document in the batch matches the
total no. of items processed. E.g. The total no. of units
sold as per each invoice should match the total no. of
items processed in the batch.
• Total documents – Total no. of documents processed
should also be counter checked for correctness.
Data Input Validation Controls
• Input Authentication Controls
– Manual signatures on input document
– Input menu available for specified logins in case of
online inputs
– Scanned input using OCR (Optical Character
Recognition), Barcode Readers, MICR (Magnetic ink
character reader) etc.
Data Input Validation Controls
• Edit Controls
–
–
–
–
–
–
–
–
–
Sequence checks
Range and Limit check
Missing data check
Duplicate check
Programmed Validity Check
Dependency Match
Completeness check
Reasonableness check
Table lookups
Data Input Validation Controls – Edit Controls
• Sequence checks – It verifies that the data maintains a
proper sequence or order. It is used to check serial no.
of documents
• Range check – It refers to fixing an upper & lower limit
for data values to ensure that they don’t exceed them.
E.g. If check requires that % of tax should be between
10-30%, it is a range check
• Limit check – It refers to only upper or lower limit of the
data values, but not both. Eg. If edit check requires that
salary should not exceed 5 lacs pa, it is a limit check
Data Input Validation Controls – Edit Controls
• Missing Data check – Ensures that certain key fields are
not left blank during the data entry.
• Duplicate check – Ensures that the same data is not
keyed twice
• Programmed validity check – Logical validations may be
set within the application code to check for invalid input.
Eg. A user may be prevented from entering a non
existent account code
• Reasonableness check – Value entered may be
compared with an acceptable range within the system
before accepting input. Eg. Age entered as 140 may be
rejected as unreasonable.
Data Input Validation Controls – Edit Controls
• Dependency match – Where certain fields depend on
input value in other fields, programmed checks can be
used for internally validate data before accepting the
input. Eg. Date of joining may be compared to the date
of birth to ensure that the latter is earlier than the former.
• Completeness check – Completeness of data may be
checked before accepting data entry. Eg. While creating
new e-mail id the input screen will not be accepted
without date of birth, name , address etc.
• Table lookups – Input entered is matched with range of
values in table before acceptance. Eg. Customer code
entered by operator is internally matched with a table of
valid customers for a succesful match, else transaction is
rejected
Data Input Error Handling and Reporting
These are controls that identify errors & correct them
especially in a batch processing system.
Input errors can be handled in the following ways :
• Rejecting only transaction with errors – Only transactions
containing the errors would be rejected and the rest of
the batch would be processed
• Reject the whole batch of transactions – The whole
batch of transactions is rejected even if one error is
found in the batch.
Data Input Error Handling and Reporting
Input errors can be handled in the following ways :
• Accepting batch in suspense – The batch would be kept
in suspense account till the corrections in transactions
are made.
• Accepting the batch and marking error transactions –
Erroneous transactions are separately marked for
identifying later & the whole batch is processed. This is
usually done in online system
Instruction Input Controls
Instruction input methods
• Menu Driven Applications – These applications provide a
set of instructions that are fixed and users only need to
choose the actions to be done depending on the options
available in the menu
• Question Answer dialogs – These ask for a set of
questions to the user & provides a set of options from
which the user is required to make a selection. Eg. A
financial software may ask the user a series of questions
regarding PV, interest rate etc. and then provide the
requisite output
Instruction Input Controls
Instructions are subject to following validation check :
• Lexical Validation – Each word entered as an instruction
is validated to ensure its correctness.
• Syntactic Validation – System reads a string of words
validated by lexical analyzer & attempts to ensure that
the sequence of operation is correct.
• Semantic Validation – It reads the set of instructions
and verifies if the meaning is correct. Eg If a SQL
command is - Select NAME from EMPLOYEE where
EMPCODE= 1003, it would ensure that there exists a
table ’EMPLOYEE’ in which fields of ‘NAME’ &
‘EMPCODE’ exists
Processing Controls
Data processing controls perform validation check to
identify errors during processing of data. They are
required to ensure both the completeness & accuracy of
the data being processed. Some of the data processing
controls are explained as follows :
• Run-to-run totals - These help in verifying data that is
subject to process through different stages. Eg. If current
balance of ledger is 2 lacs & additional invoices for the
period is of .5 lacs then the total sales value should be
Rs 2.5 lacs
Processing Controls
• Reasonableness verification – Two or more fields can be
compared & cross verified to ensure their correctness.
Eg. The statutory PF can be calculated on the gross pay
amount to verify if the PF contribution deducted is
accurate.
• Exception reports – These reports are generated to
identify errors in data processed. Such reports give the
transaction code & why a particular transaction was not
processed or what is the error in processing the
transaction
Datafile Controls
• Version usage – Proper version of file should be used for
processing the data correctly
• Internal and external labeling – Labeling of storage
media is important to ensure that proper files are loaded
for process. In case of manual process of loading files,
external labeling is used. In case of automated tape
loader system, internal labeling is more important
• Data file security – Unauthorized access to data file
should be prevented to ensure confidentiality, integrity &
availability of the data file for process
Datafile Controls
• Before and after image and logging – Before & after
images combined with logging of the events enable reconstructing the data file back to its last state of integrity,
after which the application can ensure that the
incremental transactions can be rolled back or forward
• File updating and maintenance authorization – Sufficient
controls such as access restriction should exist for file
updating & maintenance to ensure that stored data is
protected
Output Controls
Output controls ensure that the data delivered to users will
be presented, formatted & delivered in a consistent and
secured manner. Various types of output controls are as
follows :
• Storage & logging of sensitive forms – Pre printed
stationery should be stored securely to prevent
unauthorized destruction
• Logging of output program execution – When programs
used for output of data are executed, it should be logged
& monitored
• Retention controls – These consider the duration for
which output should be retained before being destroyed.
Output Controls
• Controls over printing – Users must be trained to select
the correct printer & access restrictions may be placed
on the workstations that can be used for printing.
• Report distribution & collection control – A log should be
maintained as to what reports were generated & to
whom it was distributed. Similarly what reports were
printed & which of them were collected.
• Spooling – When a file is to be printed, the OS stores the
data to be sent to the printer in a temporary file on the
hard disk. This file is then spooled to the printer as soon
as the printer is ready to accept the data. This storage of
output could lead to unauthorized disclosure.
Network Security Controls- Threats and
Vulnerabilities
There are various kinds of threat that aim to compromise
the confidentiality, integrity or availability of the data. Some
of them are as follows :
•
•
•
•
•
•
•
•
Information Gathering
Communication Subsystem Vulnerabilities
Protocol Flaws
Impersonation
Message Confidentiality Threats
Message Integrity Threats
Web Site Defacement
Denial of Service
Information Gathering
• Port Scan – A program that for a particular IP Address,
reports which ports respond to messages & what
vulnerabilities are present.
• Social Engineering – It involves using social skills &
personal interaction to get someone to reveal security
relevant information.
• Reconnaissance – It involves looking through items that
have been discarded in garbage bins.
Information Gathering
• Operating System and Application Fingerprinting – Here
the attacker wants to know which commercial server
application is running, which underlying operating
system & version are being used.
• Bulletin Boards and Chats – Underground Bulletin Board
& chat rooms support exchange of information among
the hackers. Attackers post & share their latest exploits
& techniques.
Communication Subsystem Vulnerabilities
• Eavesdropping and Wiretapping – An attacker can pick off the
content of a communication passing in unencrypted form without
expending extra effort. Eg. An attacker is eavesdropping by
monitoring all traffic passing through the node. Wiretapping
means intercepting message through some effort. Passive
Wiretapping is just Listening but active wiretapping means
injecting something into the communication stream.
• Microwave signal tapping – Microwave signals are broadcast
through air, making them more accessible to outsiders. An
attacker can intercept a microwave transmission by interfering
with the line of sight between sender & receiver
• Satellite Signal Interception
• Wireless
• Optical Fiber
Protocol Flaws
• Internet protocols are publicly posted for scrutiny.
• Many problems with protocols have been identified by
reviewers and corrected before the protocol was
established as a standard.
• Despite this process of peer review, flaws exist in many
of the commonly used protocols.
• These flaws can be exploited by an attacker.
Impersonation
• Authentication foiled by guessing – Guess the identity &
authentication details of the target by using common
passwords.
• Authentication foiled by eavesdropping or wiretapping –
In distributed environment, the account & authentication
details of the subject are passed to destination hosts via
network which are exposed to anyone observing the
communication on the network
• Well known authentication – Eg. Vendors at the time of
selling computer sets a default password. Sometimes an
administrator fails to change the password thereby
creating a vulnerability
Impersonation
• Authentication Foiled by Avoidance – Eg. A flaw in
particular OS meant that the buffer for typed characters
in a password was of fixed size. If a user typed more
characters than the buffer would hold, the overflow
caused the OS to bypass password comparison & act as
if correct authentication had been supplied. Such
weakness can be exploited by anyone seeking
unauthorized access.
• Nonexistent Authentication – Eg. If a user works on 2
systems, he may only be required to provide
authentication details for the first system & the access to
second is automatically provided. So an attacker gains
access to first system through some system weakness
(eg. Guess password) & then automatically provided the
access to the second.
Impersonation
• Spoofing and Masquerading – The host pretends to be
another. Eg. URL/Domain name confusion (citibank.com
vs citybank.com). The attacker registers the domain
citybank.com & makes it look as closely as possible to
real citibank site. Innocent customer would provide the
login details & password. Such information can easily be
exploited by the attacker
• Session Hijacking – It is intercepting & carrying on a
session started by another entity. Eg. In an e-commerce
transaction just before a user places his order & gives
his address details etc. the session could be hijacked by
an attacker
• Man-in-the-Middle Attack – It is similar to session
hijacking except that the attacker participates from the
start of the session in this kind of attack
Message Confidentiality Threats
• Misdelivery – Sometimes due to change in destination
address or malfunction of protocol, a message may be
delivered to someone other than the intended person.
• Exposure - The content of the message may be exposed
in temporary buffer at switches, router, gateway to which
a malicious attacker can attack.
• Traffic Analysis (or Traffic Flow Analysis) – Sometimes
not only the message itself but the fact that a message
exists is also sensitive. Eg. A message from MD of one
co. to the MD of another co. could lead to speculation
about a takeover or conspiracy to fix the prices. So in
these cases both the content of the message & the
header information that identifies sender & receiver
needs to be protected.
Message Integrity Threats
• Changing some or all of the content of a message
• Replacing a message entirely, including the date, time,
and sender/ receiver identification
• Reusing (replaying) an old message
• Combining pieces of different messages into one false
message
• Changing the apparent source of a message
• Redirecting a message
• Destroying or deleting a message
Web Site Defacement
• Web site defacement is common not only because of its
visibility but also because of the ease with which one can
be done.
• Web sites are designed so that their code is downloaded
and executed in the client (browser).
• This enables an attacker to obtain the full hypertext
document and all programs and references programs
embedded in the browser.
• This essentially gives the attacker the information
necessary to attack the web site.
• Most websites have quite a few common and well known
vulnerabilities that an attacker can exploit.
Denial of Service (DOS)
DOS attacks leads to loss of network availability. Some of
them are explained as follows :
• Connection Flooding – An attacker sends more data
than what a communication system can handle. As a
result the system is prevented from receiving any other
legitimate data.
• Ping of death – A ping is a protocol which requests a
destination to return a reply. Since ping requires the
recipient to respond to the ping request, all that attacker
needs to do is send a flood of pings to the intended
victim
Denial of Service (DOS)
• Traffic Redirection – A router is a device that forward the
traffic between a source and a destination network. So if
an attacker can corrupt the routing, traffic can disappear
• DNS Attacks – A domain name server (DNS) is a table
that converts domain names like www.icai.org into
network address like 202.54.74.130, a process called
resolving the domain name. By corrupting a name
server, an attacker can ensure that packets intended for
a particular host never reach their destination.
Distributed Denial of Service (DDoS)
• An attacker attacks in 2 stages. In first stage an attacker
uses any convenient way to plant a Trojan Horse on a
target machine. The attacker repeats this process with
many such targets. Each of these target systems are
known as Zombies. After some time the attacker
chooses a victim & sends signal to all the zombies to
attack. As a result the victim tries to counter attack all the
zombies simultaneously which is practically very difficult
Other Threats
• Threats from cookies – These are data files created by
the server that are stored on the client machine &
fetched by a remote server usually containing
information about the user on the client machine.
Anyone intercepting the cookie can impersonate as
cookie’s legitimate owner. Eg. Remembering &
displaying username & password of mail id.
• Threats from Scripts – A malicious user can monitor the
communication between browser & server to see the
changes on a web page, what the browser sends & how
the server reacts. With this information the malicious
user can manipulate the server’s action.
Other Threats
• Threats from active/ mobile code – It is a code that is
downloaded from the server by the client & executed on
the client machine. Eg. Java Script, Active X controls.
These are also known as Applets. A hostile applet is
downloadable code that can cause harm on the client’s
system
Network Security Controls
Various types of Network security controls are as follows :
•
•
•
•
•
•
•
Architecture
Cryptography/Encryption
Content Integrity
Strong Authentication
Remote Access Security
Firewalls
Intrusion Detection Systems
Architecture
The design of network can have significant effect on its
security. Some of major considerations are :
• Segmentation – It reduces the no. of threats. Eg. If a
web server, application & database are residing on a
single server then it results in a very insecure
configuration
• Redundancy - Instead of using a single web server, a
better design would be to have 2 servers so that in case
the first fails the second one can take over the
processing
• Eliminate Single Points of Failure – Any single point in
the network fails could result in denying access to all the
network.
Cryptography/Encryption
• Link Encryption – Data is encrypted just before the system
places them on the physical communication link, that is
encryption & decryption occurs at the data link layer of OSI
model of the sender & receiver host respectively.
• End-to-End Encryption - Data is encrypted at presentation
or application layer & is very secure.
• PKI and Certificates – Public key infrastructure (PKI) is a
process created to enable users to implement public key
cryptography. It offers the following services :
- Create certificates associating a user’s identity with a public
key
- Issue certificates from its database
- Confirm the validity of a certificate
Cryptography/Encryption
• SSL Encryption – To create Secure socket Layer (SSL),
client request a SSL Session. The server responds with
its public key certificate so that the client can determine
the authenticity of the server. The client returns the
symmetric session key encrypted under the server’s
public key. The server decrypts the session key & the
encrypted communication starts.
• IPSec - Similar to SSL encryption.
• Signed Code – It is possible to place a malicious active
code on a web site to be downloaded by innocent users.
Signed code is used to reduce this risk.
Content Integrity
• Error Correcting Codes
– Parity Check
An extra bit is added to an existing group of data bits
depending on their sum. In case of even parity, extra bit
is 0 if the sum of the data bits is even & 1 if the sum is
odd. Odd parity is the same except the sum is odd.
Parity is useful only when the error is in a single bit.
Content Integrity
For example, the parity bit can be computed as follows, assuming we are
sending a simple 4-bit value 1001 with the parity bit following on the right.
Transmission sent using even parity:
A wants to transmit:
1001
A computes parity bit value: 1^0^0^1 = 0 (Zero since the no. of ones is even)
A adds parity bit and sends: 10010
B receives:
10010
B computes parity:
1^0^0^1^0 = 0 (Zero if the condition (i.e. even) is true
& 1 if the condition (i.e. even) is false )
B reports correct transmission after observing expected even result.
Same transmission sent using odd parity:
A wants to transmit:
1001
A computes parity bit value: ~(1^0^0^1) = 1 (One since the no. of ones is even)
A adds parity bit and sends: 10011
B receives:
10011
B computes overall parity: 1^0^0^1^1 = 1 (Zero if the condition (i.e. odd) is
true & 1 if the condition (i.e. odd) is false )
B reports correct transmission after observing expected odd result.
Content Integrity
• Error Correcting Codes
– Checksum and CRC
It works up by adding the basic components of a
message, usually bits or bytes and storing the resulting
value. Later on anyone who has the authentic
checksum can verify whether the message was
corrupted by doing the same operation & checking the
sum. Cyclic redundancy check (CRC) considers not
only the value of each bit/byte but also the order of the
values. It uses a hash function to produce a checksum.
Content Integrity
• Message Digests (Cryptographic Checksums) – It is
created by performing a complicated series of
mathematical operations ( Cryptographic algorithm) that
translates the data in the file into a fixed string of digits
called a hash value. It would be tough for an
unauthorized person to change the data as he is not
aware which algorithm is used to create a hash value.
Strong Authentication
• One Time Passwords (eg. Token based password to
access bank account online)
• Challenge Response Systems – It looks like a pocket
calculator. The user first authenticates to the device by
means of a PIN. The remote system sends a random no.
called the ‘Challenge’ which the user enters in the
device. Then device responds to the challenge with
another no, which the user the transmits to the system
Strong Authentication
• Kerberos – The Kerberos protocol uses strong
cryptography so that a client can prove its identity to a
server (and vice versa) across an insecure network
connection. After a client and server have used Kerberos
to prove their identity, they can also encrypt all of their
communications to assure privacy and data integrity as
they go about their business.
• It is a system that supports authentication in distributed
systems. A central server provides authenticated tokens
called tickets to the requesting applications. It is an
encrypted data structure naming a user & a service that
user is allowed to obtain.
Remote Access Security
• Virtual Private Networking (VPN) – It can be used to facilitate
secure remote access into a network. It securely connects two
networks together or create a secure data tunnel within a
network.
• Dial back procedures – These ensure that access is made
from authorized lines or locations in case of access from
remote locations. When a user dials into the server &
identifies himself, the server hangs up & calls the user at a
pre-determined telephone no. & then enables the user to
access the resource based on the password authentication
• Authentication Servers – These enable secure remote
access. It facilitates centralized access monitoring & control.
Authentication servers also provides the facility of event
logging & extended audit trails.
Firewalls
• Virtual Private Networks
• Intranet
• Extranets
Securing a Firewall :
•
Any unused networking protocols should be removed
from the firewall operating system build
• Any unused network services or applications should be
removed or disabled
• Any unused user or system accounts should be removed
or disabled
Firewalls
Intrusion Detection Systems
• Intrusion detection systems complement preventive
controls as the next line of defense.
• An intrusion detection system (IDS) is a device, usually
another separate computer, that monitors activity to
identify malicious or suspicious events.
• An IDS is a sensor, that raises an alarm if specific things
occur.
• The alarm can range from writing an entry in an audit
log, to something significant, such as paging the system
security administrator.
Host based IDS – It runs on a single workstation to protect
that one host.
Network based IDS – It is a stand alone device that is
attached to a network to monitor traffic throughout that
network
Intrusion Detection Systems
Auditing Network Security
The considerations while auditing network security are
• Locating logical access paths by reviewing network
diagrams
• Identifying network topologies, virtual paths spanning
across LANs, WANs and the open networks such as
shared networks and the Internet.
• Recognizing logical access threats, risks and exposures
in the networked environment.
Auditing Network Security
• Identifying and controlling over access paths used for
distributed processing and distributed databases.
• Evaluating network management and change control in
respect of technical components such as modems,
switches, routers, firewalls, VPNs, network management
and access control software, encryption, protocols,
middleware controls and Internet security.
• Identifying information resource owners can be quite
complex since in a distributed computing environment,
an application process can span several systems and
networks, including those outside the organization’s
control.
Auditing Network Security
• Evaluating logical network security policies and
practices.
• Evaluating effectiveness of logical access security with
respect to network security components such as:
– Firewalls and filtering routers - architecture,
configuration setting as per firewall security policy,
port services, anti-virus configuration, reporting and
management controls
– Intrusion detection systems - architecture,
configuration, interface with other security
applications, reporting and management controls
– Virtual private networks - architecture, devices,
protocol, encryption process integration with firewall
security, change management
Auditing Network Security
– Security protocols - selection of appropriate protocol,
seamless security integration of protocols between
devices running different protocols
– Encryption - selection of appropriate encryption
methods to various application processes
– Middleware controls - middleware design and access
control with respect to identification, authentication
and authorization, management of components and
middleware change management.
– Network event logging and monitoring
Penetration Testing
• As its name implies, penetration testing is a series of
activities undertaken to identify and exploit security
vulnerabilities.
• The idea is to find out how easy or difficult it might be for
someone to “penetrate” an organization’s security
controls or to gain unauthorized access to its information
and information systems.
• It involves small team which attempts to exploit
vulnerabilities in the security system by simulating an
unauthorized user.
Penetration Testing
• It comprise of people from organization’s internal audit or
IT department.
• Since it is an authorized attempt to simulate hacker
activities, it is also known as ‘Ethical Hacking’.
• It is important to point out that a penetration test cannot
be expected to identify all possible security
vulnerabilities, nor does it offer any guarantee that an
organization’s information is secure.
Penetration Testing Strategies
• External vs. Internal testing – External testing refers to
attacks on the network from outside the organization i.e.
from internet or extranet. An attack is made on visible
servers or devices such as Domain name server (DNS),
email server, web server etc. Internal testing is
performed within the organization’s technology
environment.
• Target testing – The IT team & the penetration testing
team are made aware of the testing activities &
information concerning the target and network design.
These are cost efficient & may take less time but may
not provide a true picture.
Penetration Testing Strategies
• Blind testing – The testing team is provided with only
limited information. Hence the team must use publicly
available information (such as co. website, Internet
discussion Board) to gather information about the target
& conduct its penetration test. It is more time consuming
as well as expensive as compare to target testing.
• Double-blind testing – It is an extension of Blind testing.
In this kind of testing very few people within the
organization are made aware of the testing, perhaps only
the project sponsor.
Types of Penetration Testing
• Application security testing – Many organizations offers
access to core business functionality through web based
applications. This type of access results in new security
vulnerabilities because even with a firewall system,
security can be compromised. The objective of this
testing is to evaluate the controls over the application &
its process flow.
• Denial of Service (DoS) testing – The goal of DoS is to
evaluate the system’s tolerance to attacks that will
render it inoperable.
• Social Engineering – This technique uses social
interactions, typically with the organization’s employees,
suppliers & contractors to gather information & penetrate
the organization’s systems.
Types of Penetration Testing
• War Dialing – It is a technique for systematically calling a
range of telephone numbers to identify modems, remote
access devices etc. that exists on an organization’s
network. Once a modem or other access device has
been identified, analysis & exploitation techniques are
performed to assess whether this connection can be
used to penetrate the organization’s information system
network.
• Wireless network penetration testing – Hackers identify
wireless networks while walking around office buildings
with their wireless network equipment. The goal is to
identify security gaps or flaws in the design,
implementation or operation of the organization’s
wireless network
Physical Controls
Physical Access Threats and Exposures
Some illustrative examples are:
• Unauthorized persons gaining access to restricted areas.
Examples are prospective suppliers gaining access to
computer terminal of purchases department, thereby
viewing list of authorized suppliers and rates being
displayed on the screen during data entry.
• Employees gaining access to areas not authorized, e.g.
sales executives gaining access to server room.
• Public disclosure of sensitive information, e.g.
Information regarding location of servers, confidential or
embarrassing information.
Physical Controls
• Damage, vandalism or theft of equipments or other IS
resources.
• Abuse of data processing resources, e.g. employees
using internet for personal purposes.
• Damage due to civil disturbances and war.
• Embezzlement of computer supplies, e.g. floppies,
cartridges, printer consumables.
Physical Controls
Classification of Physical Access Exposure
• Unintentional or Accidental: Authorized personnel or
unauthorized personnel unintentionally gaining physical
access to IS resources resulting in accidentally or
inadvertently causing loss or damage to the
organization.
• Deliberate: Unauthorized personnel may deliberately
gain access or authorized personnel may deliberately
gain access to IS resources, in respect of which they are
not permitted rights of access.
Sources of Physical Access Threats
The perpetrators or source of physical threats can be
as follows
• Interested or Informed outsiders such as competitors,
thieves, organized criminals and hackers
• Former Employees
• Accidental Ignorant
• Discontented or disgruntled employees
• Employees on strike
• Employees under termination or suspended pending
termination
• Addicted to substances or gamblers
• Experiencing financial or emotional problems
Physical Access Control Techniques
• Administrative Controls
– Choosing and Designing a Secure Site
– Security Management
– Emergency Procedures
• Technical Controls
– Guards
– Dogs
– Compound walls and perimeter fencing
– Lighting
– Deadman Doors – This involves a pair of doors &
some space between the doors. When a person is
admitted to premises the second door is closed while
the first door opens. Once the person enters the first
door is closed & then the second door opens
Physical Access Control Techniques
–
–
–
–
–
–
–
–
–
Bolting door locks
Combination or Cipher locks
Electronic Door Locks
Biometric Door Locks
Video Cameras
Identification badges
Manual Logging
Electronic Logging
Controlled single point access
Physical Access Control Techniques
–
–
–
–
–
–
–
–
–
–
–
Controlled Visitor access
Bonded Personnel
Wireless Proximity Readers
Alarm Systems/Motion detectors
Secured Distribution Carts
Cable locks
Port controls
Switch controls
Peripheral switch controls
Biometric Mouse
Laptops Security
Auditing Physical Access
•
•
•
•
Risk Assessment
Controls Assessment
Review of Documentation
Testing of Controls
Environmental Access Controls
Objects of Environmental Controls
• Hardware and Media: Includes Computing Equipment,
Communication equipment, and Storage Media
• Information Systems Supporting Infrastructure or
Facilities such as :
-
Physical premises like computer rooms, cabins, server rooms
Cabling ducts
Power source
• Documentation
• Supplies
• People
Environmental Threats and Exposures
•
-
Natural
Natural disasters such as floods, earthquakes, volcanos
Extreme climatic conditions
Insects such as rodents, termites, fungi
•
-
Man-made
Fire due to negligence
Equipment failure
Uncontrolled Power
Techniques of Environmental Control
• Technical Controls
• Administrative Controls
-
Fire-resistant Walls, Floors and Ceilings
Concealed Protective Wiring
Ventilation and Air Conditioning
Power Supplies
• Uninterruptible Power Supply(UPS)/ Generator
• Electrical Surge Protectors/Line Conditioners
• Power leads from two sub-stations
-
Smoke Detectors and Fire Detectors
Fire Alarms
Emergency Power
Water detectors
Centralized Disaster monitoring and control Systems
Fire Suppression Systems
– Water Based Systems
• Wet Pipe Sprinklers
• Dry-Pipe Sprinklers
• Pre-action
– Gas Based Systems
• Carbon-dioxide
• Halon
Choosing & designing a safe site
•
•
•
•
•
Visibility
Local considerations
Natural Disaster
Transportation
External Services
Environmental Technical Controls
• Power Supplies
Some of the power problems are explained as follows:
-
Sag (Momentary Low Voltage)
Brownout (Prolonged Low Voltage)
Spike (Momentary High Voltage)
Surge (Prolonged High Voltage)
Blackouts (Complete Loss of Power)
Offline UPS - The computer / equipment is driven by the main AC power line. The batteries of
the UPS are continuously charged in normal conditions. In case of extreme power condition
UPS switches to batteries
Online UPS - The computer/ equipment is continually driven through the batteries even in the
normal conditions. The batteries also get charged. It provides the purest form of power.
• Emergency Power Off
-
There should be one power off switch within the computer facility and another just outside
the computer facility
Environmental Technical Controls
Fire Suppression Systems :
Combustibles are rated as either Class A,B,C based on
their material composition which are as follows :
- Class A
Fire caused by common combustibles like wood, cloth, paper, rubber,
plastics. These are suppressed by water or soda acid.
- Class B
Fire caused by flammable liquids & gases. These are suppressed by
Carbon dioxide, Soda acid or Halon
Environmental Technical Controls
- Class C
Electrical fires are classified as class c & are suppressed by Carbon
Dioxide, Halon
- Class D
Fire caused by flammable chemicals and metals (such as magnesium
& sodium). These are suppressed by Dry Powder (a special smothering
& coating agent)
Environmental Technical Controls
Fire Suppression Systems are Classified as :
-
Water Based Systems
Wet Pipe Sprinklers – Sprinklers are provided at various places in the ceiling & water is
charged in the pipes. In case of heat rise, a fusible link in the nozzle melts thereby causing the
valve to open & allowing water to flow. These have disadvantage of leakage.
Dry Pipe Sprinklers – These are similar to wet pipe sprinklers except that the water is not kept
in pipes but pipes remain dry & upon detection of heat rise by a sensor, water is pumped in the
pipes.
Pre action – It combines both dry & wet pipe systems by first releasing the water into pipes
when heat is detected (Dry Pipe) & then releasing the water flow when the link in the nozzle
melts (Wet Pipe). This is most recommended water based fire suppression system.
Environmental Technical Controls
Fire Suppression Systems are Classified as :
-
Gas Based Systems
Carbon Dioxide – Such systems discharge CO2 thus cutting the supply of oxygen from the air.
However CO2 being lethal for human life, such systems are recommended only in unmanned
computer facilities.
Halon – It is an inert gas and was once considered as most suitable for fire suppression. It is
not considered safe for humans beyond certain level as it is an Ozone depleting agent &
hence environment unfriendly.
Question
Which of the following is not a type on internal control ?
a.Preventive
b.Additive
c.Detective
d.Corrective
b. Additive
Which of the following is not a water based system ?
a.Post implementation
b.Pre - action
c.Dry pipe system
d.Wet pipe system
a. Post implementation
Which of the following is not a principle of information
safety ?
a.Redundancy
b.Confidentiality
c.Integrity
d.Availability
a. Redundancy
UPS stands for ?
a.Uninterrupted Power Supply
b.Uninterrupted Power Supplier
c.Uniform Power Supply
d.None of these
a. Uninterrupted Power Supply
Data _______ prevents modification of data by
unauthorized personnel
a.Marketability
b.Confidentiality
c.Integrity
d.Availability
c. Integrity
Preventing disclosure of information to unauthorized
individual or system is defined as _____
a.Utility
b.Confidentiality
c.Integrity
d.Availability
b. Confidentiality
Which of the following physical control would be most
appropriate in a high security environment ?
a.Combination Locks
b.Identification Badges
c.Electronic Door Locks
d.Biometric Door Locks
d. Biometric Door Locks
Which of the following is not an environmental control ?
a.Biometric Devices
b.Line Conditioners
c.Air Conditioners
d.Fire Suppression System
a. Biometric Devices
Surge, Spike & sag are types of ?
a.Biometric Systems
b.Electrical Fluctuations
c.Fire Suppression Systems
d.Electromagnetic Radiations
b. Electrical Fluctuations
Which of the following is most recommended water based
fire suppression system ?
a.Dry Pipe system
b.Wet Pipe system
c.Drip Pipe system
d.Pre action system
d. Pre action system
Which of the following gas based fire suppression system
would you find in an unmanned computer facility ?
a.Argon
b.Halon
c.Carbon-dioxide
d.Oxygen
c. Carbon-dioxide
Viruses that can change their appearance are known as :
a.Polymorphic Virus
b.Boot Sector Virus
c.Stealth Virus
d.Macro Virus
a. Polymorphic Virus
Identify the correct statement with respect to guidelines for
data entry screens ?
a.Both bright colours & automatic tabbing should be
avoided
b.Both bright colours & automatic tabbing should be used
as often as possible
c.Bright colours should be avoided & automatic tabbing
should be used as often as possible
d.Bright colours should be used as often as possible while
automatic tabbing should be avoided
a. Both bright colours & automatic tabbing should be avoided
If the product no. A5723 is coded as A5753, this is an
example of a:
a.Truncation Error
b.Double transposition Error
c.Random Error
d.Transcription Error
d. Transcription Error
Which of the following checks can significantly reduce
transcription errors :
a.Range check
b.Limit check
c.Check digit
d.Size check
c. Check Digit
Which of the following is not a validation done on
instruction input
a.Holistic validation
b.Lexical validation
c.Semantic validation
d.Syntactic validation
a. Holistic Validation
A check to ensure that same data is not keyed twice :
a.Sequence check
b.Limit check
c.Missing Data check
d.Duplicate check
d. Duplicate check
As a quality assurance measure in the batch processing of
accounts payable data, a firm sums the account numbers
for all accounts processed. This procedure results in a :
a.Hash Total
b.Batch Number
c.Parity Check
d.Check Sum
a. Hash Total
Cryptographic systems provide for :
a.Linearity of messages
b.Integrity of messages
c.Intelligibility of messages
d.Availability of messages
b. Integrity of messages
The activity of testing undertaken by an organisation with
the help of teams to exploit security vulnerabilities of its
enterprise network is called :
a.Intrusion Detection Testing
b.Preventing Detection Testing
c.Post-Implementation Testing
d.Penetration Testing
d. Penetration Testing
War Dialing is a type of :
a.Firewall
b.Denial of service
c.Penetration Testing
d.Wire Testing
c. Penetration Testing
Which of the following is not an application control ?
a.Input Control
b.Processing Control
c.Recovery Control
d.Output Control
c. Recovery Control
If the number B8597 is coded as B5987, it is an example of
a:
a.Truncation error
b.Double Transposition error
c.Random error
d.Transcription error
b. Double Transposition error
If the data entry requires that gross salary should not
exceed Rs. 1.5 lacs per month this can be done by using :
a.Sequence Check
b.Range Check
c.Limit Check
d.Field Check
c. Limit Check
The rights of access to information authorized to users on
need to know and need to do basis is called the principle of
______
a.Need Privileges
b.Full Privileges
c.Least Process
d.Least Privilege
d. Least Privilege
The personnel within the organization delegated with the
responsibility of administration and protection of data
resources are called ______
a.Data protectors
b.Data custodians
c.Data committers
d.Data owners
b. Data custodians
Identify the components of information security program
policy
a.Program, data access, controls & scope
b.Purpose, scope, responsibility, & compliance
c.Purpose, scope, storage & coverage
d.Program security, program scope, Program execution &
results
b. Purpose, scope, responsibility, & compliance